OSPF and Forcing a Subnet
Dear Friends, I have an OSPF over GRE configuration sending you below in which I have problem. I want to force OSPF to advertise 172.16/16 range without checking anything. And as you see I have an static route for it in routing table but again OSPF do not advertise it, only it advertise when I put one /32 subnet on loopback interface. even I put redistribute static subnets command with/without route-map but again do not work. I think because of having my providers address range in my static routes, routers and ospf confused when wanna advertise routers. interface Tunnel0 ip address 128.140.40.2 255.255.255.252 tunnel source 10.20.76.2 tunnel destination 10.20.75.2 interface GigabitEthernet0/0 description UPSTREAM - INTRANET ip address 10.20.76.2 255.255.255.248 interface GigabitEthernet0/1 description CONNECTED ROUTER ip address 10.20.76.9 255.255.255.248 router ospf 10 log-adjacency-changes area 10 range 172.16.0.0 255.255.0.0 passive-interface default no passive-interface Tunnel0 network 172.16.0.0 0.0.255.255 area 10 network 128.140.40.0 0.0.0.3 area 0 ip route 0.0.0.0 0.0.0.0 10.20.76.1 ip route 172.16.0.0 255.255.224.0 10.20.76.12 ip route 10.20.76.0 255.255.255.0 10.20.76.12 ip route 10.20.77.0 255.255.255.0 10.20.76.12 Thanks -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Re: OSPF and Forcing a Subnet
You don't have a route for 172.16/16 in the config below, so ospf will not advertise it. You do have a route for a subnet of 172.16/16, so either use summary-address 172.16.0.0 255.255.0.0 or nail up a static route for 172.16.0.0 255.255.0.0 to null0 and redistribute static subnets, and then ospf can redistribute that static route. On Sun, 21 Jul 2013, Shahab Vahabzadeh wrote: Dear Friends, I have an OSPF over GRE configuration sending you below in which I have problem. I want to force OSPF to advertise 172.16/16 range without checking anything. And as you see I have an static route for it in routing table but again OSPF do not advertise it, only it advertise when I put one /32 subnet on loopback interface. even I put redistribute static subnets command with/without route-map but again do not work. I think because of having my providers address range in my static routes, routers and ospf confused when wanna advertise routers. interface Tunnel0 ip address 128.140.40.2 255.255.255.252 tunnel source 10.20.76.2 tunnel destination 10.20.75.2 interface GigabitEthernet0/0 description UPSTREAM - INTRANET ip address 10.20.76.2 255.255.255.248 interface GigabitEthernet0/1 description CONNECTED ROUTER ip address 10.20.76.9 255.255.255.248 router ospf 10 log-adjacency-changes area 10 range 172.16.0.0 255.255.0.0 passive-interface default no passive-interface Tunnel0 network 172.16.0.0 0.0.255.255 area 10 network 128.140.40.0 0.0.0.3 area 0 ip route 0.0.0.0 0.0.0.0 10.20.76.1 ip route 172.16.0.0 255.255.224.0 10.20.76.12 ip route 10.20.76.0 255.255.255.0 10.20.76.12 ip route 10.20.77.0 255.255.255.0 10.20.76.12 Thanks -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 -- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: OSPF and Forcing a Subnet
Dear Jon I have a mistake in my last email, there is a static route like this: ip route 172.16.0.0 255.255.0.0 10.20.76.12 but again it is redistributing On Sun, Jul 21, 2013 at 12:22 AM, Jon Lewis jle...@lewis.org wrote: You don't have a route for 172.16/16 in the config below, so ospf will not advertise it. You do have a route for a subnet of 172.16/16, so either use summary-address 172.16.0.0 255.255.0.0 or nail up a static route for 172.16.0.0 255.255.0.0 to null0 and redistribute static subnets, and then ospf can redistribute that static route. On Sun, 21 Jul 2013, Shahab Vahabzadeh wrote: Dear Friends, I have an OSPF over GRE configuration sending you below in which I have problem. I want to force OSPF to advertise 172.16/16 range without checking anything. And as you see I have an static route for it in routing table but again OSPF do not advertise it, only it advertise when I put one /32 subnet on loopback interface. even I put redistribute static subnets command with/without route-map but again do not work. I think because of having my providers address range in my static routes, routers and ospf confused when wanna advertise routers. interface Tunnel0 ip address 128.140.40.2 255.255.255.252 tunnel source 10.20.76.2 tunnel destination 10.20.75.2 interface GigabitEthernet0/0 description UPSTREAM - INTRANET ip address 10.20.76.2 255.255.255.248 interface GigabitEthernet0/1 description CONNECTED ROUTER ip address 10.20.76.9 255.255.255.248 router ospf 10 log-adjacency-changes area 10 range 172.16.0.0 255.255.0.0 passive-interface default no passive-interface Tunnel0 network 172.16.0.0 0.0.255.255 area 10 network 128.140.40.0 0.0.0.3 area 0 ip route 0.0.0.0 0.0.0.0 10.20.76.1 ip route 172.16.0.0 255.255.224.0 10.20.76.12 ip route 10.20.76.0 255.255.255.0 10.20.76.12 ip route 10.20.77.0 255.255.255.0 10.20.76.12 Thanks -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 --**--**-- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/**pgphttp://www.lewis.org/~jlewis/pgpfor PGP public key_ -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Re: OSPF and Forcing a Subnet
what you are seeing is the expected behavior. you are asking the router to generate a type 3 summary for a type 1 lsa that doesn't exist for area 10 via the area 10 range' command (also, that is why it works when you add a /32 to loopback) 172.16/16 is an external route. If you want to generate a type 5 aggregate use summary-addr as Jon has pointed out. Else, leave static in place, redist static subnets but remove area 10 range 172.16.0.0 255.255.0.0 from ospf config. ./Randy ___ From: Shahab Vahabzadeh sh.vahabza...@gmail.com To: Jon Lewis jle...@lewis.org Cc: nanog nanog@nanog.org Sent: Saturday, July 20, 2013 12:55 PM Subject: Re: OSPF and Forcing a Subnet Dear Jon I have a mistake in my last email, there is a static route like this: ip route 172.16.0.0 255.255.0.0 10.20.76.12 but again it is redistributing On Sun, Jul 21, 2013 at 12:22 AM, Jon Lewis jle...@lewis.org wrote: You don't have a route for 172.16/16 in the config below, so ospf will not advertise it. You do have a route for a subnet of 172.16/16, so either use summary-address 172.16.0.0 255.255.0.0 or nail up a static route for 172.16.0.0 255.255.0.0 to null0 and redistribute static subnets, and then ospf can redistribute that static route. On Sun, 21 Jul 2013, Shahab Vahabzadeh wrote: Dear Friends, I have an OSPF over GRE configuration sending you below in which I have problem. I want to force OSPF to advertise 172.16/16 range without checking anything. And as you see I have an static route for it in routing table but again OSPF do not advertise it, only it advertise when I put one /32 subnet on loopback interface. even I put redistribute static subnets command with/without route-map but again do not work. I think because of having my providers address range in my static routes, routers and ospf confused when wanna advertise routers. interface Tunnel0 ip address 128.140.40.2 255.255.255.252 tunnel source 10.20.76.2 tunnel destination 10.20.75.2 interface GigabitEthernet0/0 description UPSTREAM - INTRANET ip address 10.20.76.2 255.255.255.248 interface GigabitEthernet0/1 description CONNECTED ROUTER ip address 10.20.76.9 255.255.255.248 router ospf 10 log-adjacency-changes area 10 range 172.16.0.0 255.255.0.0 passive-interface default no passive-interface Tunnel0 network 172.16.0.0 0.0.255.255 area 10 network 128.140.40.0 0.0.0.3 area 0 ip route 0.0.0.0 0.0.0.0 10.20.76.1 ip route 172.16.0.0 255.255.224.0 10.20.76.12 ip route 10.20.76.0 255.255.255.0 10.20.76.12 ip route 10.20.77.0 255.255.255.0 10.20.76.12 Thanks -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 --**--**-- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/**pgphttp://www.lewis.org/~jlewis/pgpfor PGP public key_ -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Vendors CLI Usability vs UNIX Shell
Hello, My vendor is giving me speeches on how they are improving their product Serviceability, Usability and Manageability. They told me they are adding a lot of new way of doing things, introducing more Unix-like utilities and over all making CLI smarter by exposing more visibility into system status and stuff like that. I rarely look at what other vendors do but i am now interested in what one might have over the other, specially things that would stand out. I wouldnt imagine Huawei doing anything advanced there so i guess its J vs C on this front. But i'd be interested in comparing them to Unix/Linux Shells too. Regards, Kim
AS3549 Level3/GBLX carrying routing for 10.0.0.0/8
It appears AS3549 is announcing 10.0.0.0/8. I noticed it from an AS3549 customer. From GBLX looking glass, ATL1 traceroute Protocol [ip]: ip Target IP address: 10.0.0.1 Source address: Numeric display [n]: n Timeout in seconds [3]: 1 Probe count [3]: 2 Minimum Time to Live [1]: 1 Maximum Time to Live [30]: 30 Port Number [33434]: Loose, Strict, Record, Timestamp, Verbose[none]: Type escape sequence to abort. Tracing the route to 10.0.0.1 VRF info: (vrf in name/id, vrf out name/id) 1 te3-1-10G.par9.CTA1.GRU.gblx.net (67.16.142.26) 120 msec 124 msec 2 122.5.125.189.static.impsat.net.br (189.125.5.122) 120 msec 120 msec 3 10.0.0.1 [AS 262487] 124 msec 120 msec Apparently the customer didn't have proper inbound filter.. Reply from 10.0.0.1: bytes=32 time=132ms TTL=61
Re: AS3549 Level3/GBLX carrying routing for 10.0.0.0/8
On 7/20/2013 11:26 PM, Yang Yu wrote: It appears AS3549 is announcing 10.0.0.0/8. I noticed it from an AS3549 customer. I wonder why people don't drop any update that contains stuff like RFC 1918 space. -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
Re: OSPF and Forcing a Subnet
Dear Randy, Thanks for your help, but 172.16/16 belong to that region and for example 172.17/16 belong to another one and I want to ospf bring me the whole subnet not which I used. And summary-address does not to this for me. Thanks On Sun, Jul 21, 2013 at 1:21 AM, Randy randy_94...@yahoo.com wrote: what you are seeing is the expected behavior. you are asking the router to generate a type 3 summary for a type 1 lsa that doesn't exist for area 10 via the area 10 range' command (also, that is why it works when you add a /32 to loopback) 172.16/16 is an external route. If you want to generate a type 5 aggregate use summary-addr as Jon has pointed out. Else, leave static in place, redist static subnets but remove area 10 range 172.16.0.0 255.255.0.0 from ospf config. ./Randy ___ From: Shahab Vahabzadeh sh.vahabza...@gmail.com To: Jon Lewis jle...@lewis.org Cc: nanog nanog@nanog.org Sent: Saturday, July 20, 2013 12:55 PM Subject: Re: OSPF and Forcing a Subnet Dear Jon I have a mistake in my last email, there is a static route like this: ip route 172.16.0.0 255.255.0.0 10.20.76.12 but again it is redistributing On Sun, Jul 21, 2013 at 12:22 AM, Jon Lewis jle...@lewis.org wrote: You don't have a route for 172.16/16 in the config below, so ospf will not advertise it. You do have a route for a subnet of 172.16/16, so either use summary-address 172.16.0.0 255.255.0.0 or nail up a static route for 172.16.0.0 255.255.0.0 to null0 and redistribute static subnets, and then ospf can redistribute that static route. On Sun, 21 Jul 2013, Shahab Vahabzadeh wrote: Dear Friends, I have an OSPF over GRE configuration sending you below in which I have problem. I want to force OSPF to advertise 172.16/16 range without checking anything. And as you see I have an static route for it in routing table but again OSPF do not advertise it, only it advertise when I put one /32 subnet on loopback interface. even I put redistribute static subnets command with/without route-map but again do not work. I think because of having my providers address range in my static routes, routers and ospf confused when wanna advertise routers. interface Tunnel0 ip address 128.140.40.2 255.255.255.252 tunnel source 10.20.76.2 tunnel destination 10.20.75.2 interface GigabitEthernet0/0 description UPSTREAM - INTRANET ip address 10.20.76.2 255.255.255.248 interface GigabitEthernet0/1 description CONNECTED ROUTER ip address 10.20.76.9 255.255.255.248 router ospf 10 log-adjacency-changes area 10 range 172.16.0.0 255.255.0.0 passive-interface default no passive-interface Tunnel0 network 172.16.0.0 0.0.255.255 area 10 network 128.140.40.0 0.0.0.3 area 0 ip route 0.0.0.0 0.0.0.0 10.20.76.1 ip route 172.16.0.0 255.255.224.0 10.20.76.12 ip route 10.20.76.0 255.255.255.0 10.20.76.12 ip route 10.20.77.0 255.255.255.0 10.20.76.12 Thanks -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 --**--**-- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/**pgp http://www.lewis.org/~jlewis/pgpfor PGP public key_ -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Re: Vendors CLI Usability vs UNIX Shell
On Sun, 21 Jul 2013, Kasper Adel wrote: My vendor is giving me speeches on how they are improving their product Serviceability, Usability and Manageability. They told me they are adding a lot of new way of doing things, introducing more Unix-like utilities and over all making CLI smarter by exposing more visibility into system status and stuff like that. So... catching up with where many other vendors have been for years? I wouldnt imagine Huawei doing anything advanced there so i guess its J vs C on this front. But i'd be interested in comparing them to Unix/Linux Shells too. JunOS is pretty much BSD on top of specialized hardware, so a lot of the CLI functionality is Unix-like. You can pipe the output of a command into another command, do regex matching, tab auto-completion, start shells, etc. Cisco is leaning in that direction, depending on the platform. IOS has some of the same functionality, but NX-OS is built on a Linux kernel, so the Unix-like functionality is 'closer to the surface' than it is with IOS. Some other vendors' gear (F5, Infoblox) is built on a Linux kernel, so their CLIs are often 'shells' within that environment, and how much access to the underlying OS depends on what the CLI allows you to do. I'm not too sure what other major vendors' CLIs look like, so I can't comment on them. Also, some vendors offer other ways of managing their gear (web interfaces, proprietary GUIs (there is a special place in hell for these vendors), etc. One thing to watch out for is whether parity exists between the CLI and whatever other means the vendor provides for managing their stuff. I can think of a few cases where this isn't (or wasn't) the case. jms
Re: Vendors CLI Usability vs UNIX Shell
On Sat, Jul 20, 2013 at 10:33 PM, Justin M. Streiner strei...@cluebyfour.org wrote: One thing to watch out for is whether parity exists between the CLI and whatever other means the vendor provides for managing their stuff. I can think of a few cases where this isn't (or wasn't) the case. Riverbed RiOS deserves a special shaming for this particular practice.
